Compare commits
	
		
			8 Commits
		
	
	
		
			d3daa83d68
			...
			43f9b0d47c
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 43f9b0d47c | |||
| bef5119a0b | |||
| ee13d06ab1 | |||
| 03ed843679 | |||
| 81d6a02229 | |||
| 11f3f9f440 | |||
| 0507b9f7c4 | |||
| e701ebbb02 | 
| @@ -70,7 +70,10 @@ def graph_json( | |||||||
|             .where(Team.id == request.team_id, P.disabled == False) |             .where(Team.id == request.team_id, P.disabled == False) | ||||||
|         ).all() |         ).all() | ||||||
|         if not players: |         if not players: | ||||||
|             raise HTTPException(status_code=status.HTTP_404_NOT_FOUND) |             raise HTTPException( | ||||||
|  |                 status_code=status.HTTP_404_NOT_FOUND, | ||||||
|  |                 detail="no players found in your team", | ||||||
|  |             ) | ||||||
|         for p in players: |         for p in players: | ||||||
|             player_map[p.id] = p.display_name |             player_map[p.id] = p.display_name | ||||||
|             nodes.append({"id": p.display_name, "label": p.display_name}) |             nodes.append({"id": p.display_name, "label": p.display_name}) | ||||||
|   | |||||||
							
								
								
									
										19
									
								
								cutt/main.py
									
									
									
									
									
								
							
							
						
						
									
										19
									
								
								cutt/main.py
									
									
									
									
									
								
							| @@ -1,6 +1,6 @@ | |||||||
| from typing import Annotated | from typing import Annotated | ||||||
| from fastapi import APIRouter, Depends, FastAPI, HTTPException, Security, status | from fastapi import APIRouter, Depends, FastAPI, HTTPException, Security, status | ||||||
| from fastapi.responses import JSONResponse | from fastapi.responses import FileResponse, JSONResponse | ||||||
| from fastapi.staticfiles import StaticFiles | from fastapi.staticfiles import StaticFiles | ||||||
| from cutt.db import Player, Team, Chemistry, MVPRanking, engine | from cutt.db import Player, Team, Chemistry, MVPRanking, engine | ||||||
| from sqlmodel import ( | from sqlmodel import ( | ||||||
| @@ -14,6 +14,7 @@ from cutt.security import ( | |||||||
|     get_current_active_user, |     get_current_active_user, | ||||||
|     login_for_access_token, |     login_for_access_token, | ||||||
|     logout, |     logout, | ||||||
|  |     register, | ||||||
|     set_first_password, |     set_first_password, | ||||||
| ) | ) | ||||||
| from cutt.player import player_router | from cutt.player import player_router | ||||||
| @@ -177,6 +178,20 @@ api_router.include_router(team_router, dependencies=[Depends(get_current_active_ | |||||||
| api_router.include_router(analysis_router) | api_router.include_router(analysis_router) | ||||||
| api_router.add_api_route("/token", endpoint=login_for_access_token, methods=["POST"]) | api_router.add_api_route("/token", endpoint=login_for_access_token, methods=["POST"]) | ||||||
| api_router.add_api_route("/set_password", endpoint=set_first_password, methods=["POST"]) | api_router.add_api_route("/set_password", endpoint=set_first_password, methods=["POST"]) | ||||||
|  | api_router.add_api_route("/register", endpoint=register, methods=["POST"]) | ||||||
| api_router.add_api_route("/logout", endpoint=logout, methods=["POST"]) | api_router.add_api_route("/logout", endpoint=logout, methods=["POST"]) | ||||||
| app.include_router(api_router) | app.include_router(api_router) | ||||||
| app.mount("/", SPAStaticFiles(directory="dist", html=True), name="site") |  | ||||||
|  |  | ||||||
|  | # app.mount("/", SPAStaticFiles(directory="dist", html=True), name="site") | ||||||
|  | @app.get("/") | ||||||
|  | async def root(): | ||||||
|  |     return FileResponse("dist/index.html") | ||||||
|  |  | ||||||
|  |  | ||||||
|  | @app.exception_handler(404) | ||||||
|  | async def exception_404_handler(request, exc): | ||||||
|  |     return FileResponse("dist/index.html") | ||||||
|  |  | ||||||
|  |  | ||||||
|  | app.mount("/", StaticFiles(directory="dist"), name="ui") | ||||||
|   | |||||||
| @@ -145,8 +145,22 @@ async def list_all_players(): | |||||||
|         return session.exec(select(P)).all() |         return session.exec(select(P)).all() | ||||||
|  |  | ||||||
|  |  | ||||||
| async def list_players(team_id: int): | async def list_players( | ||||||
|  |     team_id: int, user: Annotated[Player, Depends(get_current_active_user)] | ||||||
|  | ): | ||||||
|     with Session(engine) as session: |     with Session(engine) as session: | ||||||
|  |         current_user = session.exec( | ||||||
|  |             select(P) | ||||||
|  |             .join(PlayerTeamLink) | ||||||
|  |             .join(Team) | ||||||
|  |             .where(Team.id == team_id, P.disabled == False, P.id == user.id) | ||||||
|  |         ).one_or_none() | ||||||
|  |         if not current_user: | ||||||
|  |             raise HTTPException( | ||||||
|  |                 status_code=status.HTTP_400_BAD_REQUEST, | ||||||
|  |                 detail="you're not in this team", | ||||||
|  |             ) | ||||||
|  |  | ||||||
|         players = session.exec( |         players = session.exec( | ||||||
|             select(P) |             select(P) | ||||||
|             .join(PlayerTeamLink) |             .join(PlayerTeamLink) | ||||||
| @@ -187,7 +201,6 @@ player_router.add_api_route( | |||||||
|     "/{team_id}/list", |     "/{team_id}/list", | ||||||
|     endpoint=list_players, |     endpoint=list_players, | ||||||
|     methods=["GET"], |     methods=["GET"], | ||||||
|     dependencies=[Depends(get_current_active_user)], |  | ||||||
| ) | ) | ||||||
| player_router.add_api_route( | player_router.add_api_route( | ||||||
|     "/list", |     "/list", | ||||||
|   | |||||||
							
								
								
									
										188
									
								
								cutt/security.py
									
									
									
									
									
								
							
							
						
						
									
										188
									
								
								cutt/security.py
									
									
									
									
									
								
							| @@ -6,7 +6,7 @@ from pydantic import BaseModel, ValidationError | |||||||
| import jwt | import jwt | ||||||
| from jwt.exceptions import ExpiredSignatureError, InvalidTokenError | from jwt.exceptions import ExpiredSignatureError, InvalidTokenError | ||||||
| from sqlmodel import Session, select | from sqlmodel import Session, select | ||||||
| from cutt.db import TokenDB, engine, Player | from cutt.db import PlayerTeamLink, Team, TokenDB, engine, Player | ||||||
| from fastapi.security import ( | from fastapi.security import ( | ||||||
|     OAuth2PasswordBearer, |     OAuth2PasswordBearer, | ||||||
|     OAuth2PasswordRequestForm, |     OAuth2PasswordRequestForm, | ||||||
| @@ -16,6 +16,8 @@ from pydantic_settings import BaseSettings, SettingsConfigDict | |||||||
| from passlib.context import CryptContext | from passlib.context import CryptContext | ||||||
| from sqlalchemy.exc import OperationalError | from sqlalchemy.exc import OperationalError | ||||||
|  |  | ||||||
|  | P = Player | ||||||
|  |  | ||||||
|  |  | ||||||
| class Config(BaseSettings): | class Config(BaseSettings): | ||||||
|     secret_key: str = "" |     secret_key: str = "" | ||||||
| @@ -208,72 +210,94 @@ async def logout(response: Response): | |||||||
|     return {"message": "Successfully logged out"} |     return {"message": "Successfully logged out"} | ||||||
|  |  | ||||||
|  |  | ||||||
| def generate_one_time_token(username): | def set_password_token(username: str): | ||||||
|     user = get_user(username) |     user = get_user(username) | ||||||
|     if user: |     if user: | ||||||
|         expire = timedelta(days=7) |         expire = timedelta(days=30) | ||||||
|         token = create_access_token( |         token = create_access_token( | ||||||
|             data={"sub": username, "name": user.display_name}, |             data={ | ||||||
|  |                 "sub": "set password", | ||||||
|  |                 "username": username, | ||||||
|  |                 "name": user.display_name, | ||||||
|  |             }, | ||||||
|             expires_delta=expire, |             expires_delta=expire, | ||||||
|         ) |         ) | ||||||
|         return token |         return token | ||||||
|  |  | ||||||
|  |  | ||||||
|  | def register_token(team_id: int): | ||||||
|  |     with Session(engine) as session: | ||||||
|  |         team = session.exec(select(Team).where(Team.id == team_id)).one() | ||||||
|  |         if team: | ||||||
|  |             expire = timedelta(days=30) | ||||||
|  |             token = create_access_token( | ||||||
|  |                 data={"sub": "register", "team_id": team_id, "name": team.name}, | ||||||
|  |                 expires_delta=expire, | ||||||
|  |             ) | ||||||
|  |             return token | ||||||
|  |  | ||||||
|  |  | ||||||
|  | def verify_one_time_token(token: str): | ||||||
|  |     credentials_exception = HTTPException( | ||||||
|  |         status_code=status.HTTP_401_UNAUTHORIZED, | ||||||
|  |         detail="could not validate token", | ||||||
|  |     ) | ||||||
|  |     with Session(engine) as session: | ||||||
|  |         token_in_db = session.exec( | ||||||
|  |             select(TokenDB).where(TokenDB.token == token).where(TokenDB.used == False) | ||||||
|  |         ).one_or_none() | ||||||
|  |         if token_in_db: | ||||||
|  |             try: | ||||||
|  |                 payload = jwt.decode(token, config.secret_key, algorithms=["HS256"]) | ||||||
|  |                 return payload | ||||||
|  |             except ExpiredSignatureError: | ||||||
|  |                 raise HTTPException( | ||||||
|  |                     status_code=status.HTTP_401_UNAUTHORIZED, | ||||||
|  |                     detail="access token expired", | ||||||
|  |                 ) | ||||||
|  |             except (InvalidTokenError, ValidationError): | ||||||
|  |                 raise credentials_exception | ||||||
|  |         elif session.exec( | ||||||
|  |             select(TokenDB).where(TokenDB.token == token).where(TokenDB.used == True) | ||||||
|  |         ).one_or_none(): | ||||||
|  |             raise HTTPException( | ||||||
|  |                 status_code=status.HTTP_401_UNAUTHORIZED, | ||||||
|  |                 detail="token already used", | ||||||
|  |             ) | ||||||
|  |         else: | ||||||
|  |             raise credentials_exception | ||||||
|  |  | ||||||
|  |  | ||||||
|  | def invalidate_one_time_token(token: str): | ||||||
|  |     with Session(engine) as session: | ||||||
|  |         token_in_db = session.exec(select(TokenDB).where(TokenDB.token == token)).one() | ||||||
|  |         token_in_db.used = True | ||||||
|  |         session.add(token_in_db) | ||||||
|  |         session.commit() | ||||||
|  |  | ||||||
|  |  | ||||||
| class FirstPassword(BaseModel): | class FirstPassword(BaseModel): | ||||||
|     token: str |     token: str | ||||||
|     password: str |     password: str | ||||||
|  |  | ||||||
|  |  | ||||||
| async def set_first_password(req: FirstPassword): | async def set_first_password(req: FirstPassword): | ||||||
|     credentials_exception = HTTPException( |     payload = verify_one_time_token(req.token) | ||||||
|         status_code=status.HTTP_401_UNAUTHORIZED, |     action: str = payload.get("sub") | ||||||
|         detail="Could not validate token", |     if action != "set password": | ||||||
|     ) |         raise HTTPException( | ||||||
|  |             status_code=status.HTTP_401_UNAUTHORIZED, | ||||||
|  |             detail="wrong type of token.", | ||||||
|  |         ) | ||||||
|  |     username: str = payload.get("username") | ||||||
|     with Session(engine) as session: |     with Session(engine) as session: | ||||||
|         token_in_db = session.exec( |         user = get_user(username) | ||||||
|             select(TokenDB) |         if user: | ||||||
|             .where(TokenDB.token == req.token) |             user.hashed_password = get_password_hash(req.password) | ||||||
|             .where(TokenDB.used == False) |             session.add(user) | ||||||
|         ).one_or_none() |             session.commit() | ||||||
|         if token_in_db: |             invalidate_one_time_token(req.token) | ||||||
|             credentials_exception = HTTPException( |             return Response("password set successfully", status_code=status.HTTP_200_OK) | ||||||
|                 status_code=status.HTTP_401_UNAUTHORIZED, |  | ||||||
|                 detail="Could not validate token", |  | ||||||
|             ) |  | ||||||
|             try: |  | ||||||
|                 payload = jwt.decode(req.token, config.secret_key, algorithms=["HS256"]) |  | ||||||
|                 username: str = payload.get("sub") |  | ||||||
|                 if username is None: |  | ||||||
|                     raise credentials_exception |  | ||||||
|             except ExpiredSignatureError: |  | ||||||
|                 raise HTTPException( |  | ||||||
|                     status_code=status.HTTP_401_UNAUTHORIZED, |  | ||||||
|                     detail="Access token expired", |  | ||||||
|                 ) |  | ||||||
|             except (InvalidTokenError, ValidationError): |  | ||||||
|                 raise credentials_exception |  | ||||||
|  |  | ||||||
|             user = get_user(username) |  | ||||||
|             if user: |  | ||||||
|                 user.hashed_password = get_password_hash(req.password) |  | ||||||
|                 session.add(user) |  | ||||||
|                 token_in_db.used = True |  | ||||||
|                 session.add(token_in_db) |  | ||||||
|                 session.commit() |  | ||||||
|                 return Response( |  | ||||||
|                     "Password set successfully", status_code=status.HTTP_200_OK |  | ||||||
|                 ) |  | ||||||
|         elif session.exec( |  | ||||||
|             select(TokenDB) |  | ||||||
|             .where(TokenDB.token == req.token) |  | ||||||
|             .where(TokenDB.used == True) |  | ||||||
|         ).one_or_none(): |  | ||||||
|             raise HTTPException( |  | ||||||
|                 status_code=status.HTTP_401_UNAUTHORIZED, |  | ||||||
|                 detail="Token already used", |  | ||||||
|             ) |  | ||||||
|         else: |  | ||||||
|             raise credentials_exception |  | ||||||
|  |  | ||||||
|  |  | ||||||
| class ChangedPassword(BaseModel): | class ChangedPassword(BaseModel): | ||||||
| @@ -295,17 +319,73 @@ async def change_password( | |||||||
|             session.add(user) |             session.add(user) | ||||||
|             session.commit() |             session.commit() | ||||||
|             return PlainTextResponse( |             return PlainTextResponse( | ||||||
|                 "Password changed successfully", |                 "password changed successfully", | ||||||
|                 status_code=status.HTTP_200_OK, |                 status_code=status.HTTP_200_OK, | ||||||
|                 media_type="text/plain", |                 media_type="text/plain", | ||||||
|             ) |             ) | ||||||
|     else: |     else: | ||||||
|         raise HTTPException( |         raise HTTPException( | ||||||
|             status_code=status.HTTP_400_BAD_REQUEST, |             status_code=status.HTTP_400_BAD_REQUEST, | ||||||
|             detail="Wrong password", |             detail="wrong password", | ||||||
|         ) |         ) | ||||||
|  |  | ||||||
|  |  | ||||||
|  | class RegisterRequest(BaseModel): | ||||||
|  |     token: str | ||||||
|  |     team_id: int | ||||||
|  |     display_name: str | ||||||
|  |     username: str | ||||||
|  |     password: str | ||||||
|  |     email: str | None | ||||||
|  |     number: str | None | ||||||
|  |  | ||||||
|  |  | ||||||
|  | async def register(req: RegisterRequest): | ||||||
|  |     payload = verify_one_time_token(req.token) | ||||||
|  |     action: str = payload.get("sub") | ||||||
|  |     if action != "register": | ||||||
|  |         raise HTTPException( | ||||||
|  |             status_code=status.HTTP_401_UNAUTHORIZED, | ||||||
|  |             detail="wrong type of token.", | ||||||
|  |         ) | ||||||
|  |     team_id: int = payload.get("team_id") | ||||||
|  |     if team_id != req.team_id: | ||||||
|  |         raise HTTPException( | ||||||
|  |             status_code=status.HTTP_401_UNAUTHORIZED, | ||||||
|  |             detail="wrong team", | ||||||
|  |         ) | ||||||
|  |     with Session(engine) as session: | ||||||
|  |         if session.exec(select(P).where(P.username == req.username)).one_or_none(): | ||||||
|  |             raise HTTPException( | ||||||
|  |                 status_code=status.HTTP_400_BAD_REQUEST, | ||||||
|  |                 detail="username exists", | ||||||
|  |             ) | ||||||
|  |         stmt = ( | ||||||
|  |             select(P) | ||||||
|  |             .join(PlayerTeamLink) | ||||||
|  |             .join(Team) | ||||||
|  |             .where(Team.id == team_id, P.display_name == req.display_name) | ||||||
|  |         ) | ||||||
|  |         if session.exec(stmt).one_or_none(): | ||||||
|  |             raise HTTPException( | ||||||
|  |                 status_code=status.HTTP_400_BAD_REQUEST, | ||||||
|  |                 detail="the name is already taken on this team", | ||||||
|  |             ) | ||||||
|  |         team = session.exec(select(Team).where(Team.id == team_id)).one() | ||||||
|  |         new_player = Player( | ||||||
|  |             username=req.username, | ||||||
|  |             display_name=req.display_name, | ||||||
|  |             email=req.email if req.email else None, | ||||||
|  |             number=req.number, | ||||||
|  |             disabled=False, | ||||||
|  |             teams=[team], | ||||||
|  |         ) | ||||||
|  |         session.add(new_player) | ||||||
|  |         session.commit() | ||||||
|  |         invalidate_one_time_token(req.token) | ||||||
|  |         return PlainTextResponse(f"added {new_player.display_name}") | ||||||
|  |  | ||||||
|  |  | ||||||
| async def read_player_me( | async def read_player_me( | ||||||
|     current_user: Annotated[Player, Depends(get_current_active_user)], |     current_user: Annotated[Player, Depends(get_current_active_user)], | ||||||
| ): | ): | ||||||
|   | |||||||
							
								
								
									
										12
									
								
								src/App.tsx
									
									
									
									
									
								
							
							
						
						
									
										12
									
								
								src/App.tsx
									
									
									
									
									
								
							| @@ -9,7 +9,7 @@ import { GraphComponent } from "./Network"; | |||||||
| import MVPChart from "./MVPChart"; | import MVPChart from "./MVPChart"; | ||||||
| import { SetPassword } from "./SetPassword"; | import { SetPassword } from "./SetPassword"; | ||||||
| import { ThemeProvider } from "./ThemeProvider"; | import { ThemeProvider } from "./ThemeProvider"; | ||||||
| import { TeamPanel } from "./TeamPanel"; | import TeamPanel from "./TeamPanel"; | ||||||
|  |  | ||||||
| const Maintenance = () => { | const Maintenance = () => { | ||||||
|   return ( |   return ( | ||||||
| @@ -34,11 +34,11 @@ function App() { | |||||||
|                 <Header /> |                 <Header /> | ||||||
|                 <Routes> |                 <Routes> | ||||||
|                   <Route index element={<Rankings />} /> |                   <Route index element={<Rankings />} /> | ||||||
|                   <Route path="/network" element={<GraphComponent />} /> |                   <Route path="network" element={<GraphComponent />} /> | ||||||
|                   <Route path="/analysis" element={<Analysis />} /> |                   <Route path="analysis" element={<Analysis />} /> | ||||||
|                   <Route path="/mvp" element={<MVPChart />} /> |                   <Route path="mvp" element={<MVPChart />} /> | ||||||
|                   <Route path="/changepassword" element={<SetPassword />} /> |                   <Route path="changepassword" element={<SetPassword />} /> | ||||||
|                   <Route path="/team" element={<TeamPanel />} /> |                   <Route path="team" element={<TeamPanel />} /> | ||||||
|                 </Routes> |                 </Routes> | ||||||
|                 <Footer /> |                 <Footer /> | ||||||
|               </SessionProvider> |               </SessionProvider> | ||||||
|   | |||||||
| @@ -148,11 +148,10 @@ export default function Avatar() { | |||||||
|  |  | ||||||
|   return ( |   return ( | ||||||
|     <> |     <> | ||||||
|       <div className="avatars"> |       <div className="avatars" style={{ display: user ? "block" : "none" }}> | ||||||
|         <div |         <div | ||||||
|           className="avatar" |           className="avatar" | ||||||
|           onContextMenu={handleMenuClick} |           onContextMenu={handleMenuClick} | ||||||
|           style={{ display: user ? "block" : "none" }} |  | ||||||
|           onClick={(event) => { |           onClick={(event) => { | ||||||
|             if (contextMenu.open && event.target === avatarRef.current) { |             if (contextMenu.open && event.target === avatarRef.current) { | ||||||
|               handleMenuClose(); |               handleMenuClose(); | ||||||
|   | |||||||
| @@ -3,6 +3,7 @@ import { apiAuth } from "./api"; | |||||||
| import { PlayerRanking } from "./types"; | import { PlayerRanking } from "./types"; | ||||||
| import RaceChart from "./RaceChart"; | import RaceChart from "./RaceChart"; | ||||||
| import { useSession } from "./Session"; | import { useSession } from "./Session"; | ||||||
|  | import { useNavigate } from "react-router"; | ||||||
|  |  | ||||||
| const MVPChart = () => { | const MVPChart = () => { | ||||||
|   let initialData = {} as PlayerRanking[]; |   let initialData = {} as PlayerRanking[]; | ||||||
| @@ -10,7 +11,12 @@ const MVPChart = () => { | |||||||
|   const [loading, setLoading] = useState(true); |   const [loading, setLoading] = useState(true); | ||||||
|   const [error, setError] = useState(""); |   const [error, setError] = useState(""); | ||||||
|   const [showStd, setShowStd] = useState(false); |   const [showStd, setShowStd] = useState(false); | ||||||
|   const { teams } = useSession(); |   const { user, teams } = useSession(); | ||||||
|  |   const navigate = useNavigate(); | ||||||
|  |   useEffect(() => { | ||||||
|  |     user?.scopes.includes(`team:${teams?.activeTeam}`) || | ||||||
|  |       navigate("/", { replace: true }); | ||||||
|  |   }, [user]); | ||||||
|  |  | ||||||
|   async function loadData() { |   async function loadData() { | ||||||
|     setLoading(true); |     setLoading(true); | ||||||
|   | |||||||
| @@ -11,6 +11,7 @@ import { | |||||||
| } from "reagraph"; | } from "reagraph"; | ||||||
| import { customTheme } from "./NetworkTheme"; | import { customTheme } from "./NetworkTheme"; | ||||||
| import { useSession } from "./Session"; | import { useSession } from "./Session"; | ||||||
|  | import { useNavigate } from "react-router"; | ||||||
|  |  | ||||||
| interface NetworkData { | interface NetworkData { | ||||||
|   nodes: GraphNode[]; |   nodes: GraphNode[]; | ||||||
| @@ -45,7 +46,12 @@ export const GraphComponent = () => { | |||||||
|   const [likes, setLikes] = useState(2); |   const [likes, setLikes] = useState(2); | ||||||
|   const [popularity, setPopularity] = useState(false); |   const [popularity, setPopularity] = useState(false); | ||||||
|   const [mutuality, setMutuality] = useState(false); |   const [mutuality, setMutuality] = useState(false); | ||||||
|   const { teams } = useSession(); |   const { user, teams } = useSession(); | ||||||
|  |   const navigate = useNavigate(); | ||||||
|  |   useEffect(() => { | ||||||
|  |     user?.scopes.includes(`team:${teams?.activeTeam}`) || | ||||||
|  |       navigate("/", { replace: true }); | ||||||
|  |   }, [user]); | ||||||
|  |  | ||||||
|   async function loadData() { |   async function loadData() { | ||||||
|     setLoading(true); |     setLoading(true); | ||||||
|   | |||||||
| @@ -62,8 +62,10 @@ export function SessionProvider(props: SessionProviderProps) { | |||||||
|  |  | ||||||
|   useEffect(() => { |   useEffect(() => { | ||||||
|     loadUser(); |     loadUser(); | ||||||
|     loadTeam(); |  | ||||||
|   }, []); |   }, []); | ||||||
|  |   useEffect(() => { | ||||||
|  |     loadTeam(); | ||||||
|  |   }, [user]); | ||||||
|  |  | ||||||
|   function onLogin(user: User) { |   function onLogin(user: User) { | ||||||
|     setUser(user); |     setUser(user); | ||||||
|   | |||||||
| @@ -1,17 +1,29 @@ | |||||||
| import { jwtDecode, JwtPayload } from "jwt-decode"; | import { jwtDecode, JwtPayload } from "jwt-decode"; | ||||||
| import { useEffect, useState } from "react"; | import { ReactNode, useEffect, useState } from "react"; | ||||||
| import { apiAuth, baseUrl } from "./api"; | import { apiAuth, baseUrl, User } from "./api"; | ||||||
| import { useNavigate } from "react-router"; | import { useNavigate } from "react-router"; | ||||||
| import { Eye, EyeSlash } from "./Icons"; | import { Eye, EyeSlash } from "./Icons"; | ||||||
| import { useSession } from "./Session"; | import { useSession } from "./Session"; | ||||||
|  | import { relative } from "path"; | ||||||
|  | import Header from "./Header"; | ||||||
|  |  | ||||||
| interface SetPassToken extends JwtPayload { | interface PassToken extends JwtPayload { | ||||||
|  |   username: string; | ||||||
|   name: string; |   name: string; | ||||||
|  |   team_id: number; | ||||||
|  | } | ||||||
|  |  | ||||||
|  | enum Mode { | ||||||
|  |   register = "register", | ||||||
|  |   set = "set password", | ||||||
|  |   change = "change password", | ||||||
| } | } | ||||||
|  |  | ||||||
| export const SetPassword = () => { | export const SetPassword = () => { | ||||||
|  |   const [mode, setMode] = useState<Mode>(); | ||||||
|   const [name, setName] = useState("after getting your token."); |   const [name, setName] = useState("after getting your token."); | ||||||
|   const [username, setUsername] = useState(""); |   const [username, setUsername] = useState(""); | ||||||
|  |   const [teamID, setTeamID] = useState<number>(); | ||||||
|   const [currentPassword, setCurrentPassword] = useState(""); |   const [currentPassword, setCurrentPassword] = useState(""); | ||||||
|   const [password, setPassword] = useState(""); |   const [password, setPassword] = useState(""); | ||||||
|   const [passwordr, setPasswordr] = useState(""); |   const [passwordr, setPasswordr] = useState(""); | ||||||
| @@ -19,36 +31,22 @@ export const SetPassword = () => { | |||||||
|   const [error, setError] = useState(""); |   const [error, setError] = useState(""); | ||||||
|   const [loading, setLoading] = useState(false); |   const [loading, setLoading] = useState(false); | ||||||
|   const [visible, setVisible] = useState(false); |   const [visible, setVisible] = useState(false); | ||||||
|  |   const newPlayerTemplate = { | ||||||
|  |     username: "", | ||||||
|  |     display_name: "", | ||||||
|  |     number: "", | ||||||
|  |     email: "", | ||||||
|  |   } as User; | ||||||
|  |   const [player, setPlayer] = useState(newPlayerTemplate); | ||||||
|   const navigate = useNavigate(); |   const navigate = useNavigate(); | ||||||
|   const { user } = useSession(); |   const { user } = useSession(); | ||||||
|  |  | ||||||
|   useEffect(() => { |  | ||||||
|     if (user) { |  | ||||||
|       setUsername(user.username); |  | ||||||
|       setName(user.display_name); |  | ||||||
|     } else { |  | ||||||
|       const params = new URLSearchParams(window.location.search); |  | ||||||
|       const token = params.get("token"); |  | ||||||
|       if (token) { |  | ||||||
|         setToken(token); |  | ||||||
|         try { |  | ||||||
|           const payload = jwtDecode<SetPassToken>(token); |  | ||||||
|           if (payload.name) setName(payload.name); |  | ||||||
|           else if (payload.sub) setName(payload.sub); |  | ||||||
|           else setName("Mr. I-have-no Token"); |  | ||||||
|           payload.sub && setUsername(payload.sub); |  | ||||||
|         } catch (InvalidTokenError) { |  | ||||||
|           setName("Mr. I-have-no-valid Token"); |  | ||||||
|         } |  | ||||||
|       } |  | ||||||
|     } |  | ||||||
|   }, []); |  | ||||||
|  |  | ||||||
|   async function handleSubmit(e: React.FormEvent) { |   async function handleSubmit(e: React.FormEvent) { | ||||||
|     e.preventDefault(); |     e.preventDefault(); | ||||||
|     if (password === passwordr) { |     if (password === passwordr) { | ||||||
|       setLoading(true); |       setLoading(true); | ||||||
|       if (user) { |       if (mode === Mode.change) { | ||||||
|  |         //====CHANGING PASSWORD==== | ||||||
|         const resp = await apiAuth( |         const resp = await apiAuth( | ||||||
|           "player/change_password", |           "player/change_password", | ||||||
|           { current_password: currentPassword, new_password: password }, |           { current_password: currentPassword, new_password: password }, | ||||||
| @@ -60,7 +58,8 @@ export const SetPassword = () => { | |||||||
|           setError(resp); |           setError(resp); | ||||||
|           setTimeout(() => navigate("/"), 2000); |           setTimeout(() => navigate("/"), 2000); | ||||||
|         } |         } | ||||||
|       } else { |       } else if (mode === Mode.set) { | ||||||
|  |         //====SETTING PASSWORD==== | ||||||
|         const req = new Request(`${baseUrl}api/set_password`, { |         const req = new Request(`${baseUrl}api/set_password`, { | ||||||
|           method: "POST", |           method: "POST", | ||||||
|           headers: { |           headers: { | ||||||
| @@ -92,106 +91,240 @@ export const SetPassword = () => { | |||||||
|             throw new Error("Unauthorized"); |             throw new Error("Unauthorized"); | ||||||
|           } |           } | ||||||
|         } |         } | ||||||
|  |       } else if (mode === Mode.register) { | ||||||
|  |         //====REGISTER NEW USER==== | ||||||
|  |         const req = new Request(`${baseUrl}api/register`, { | ||||||
|  |           method: "POST", | ||||||
|  |           headers: { | ||||||
|  |             "Content-Type": "application/json", | ||||||
|  |           }, | ||||||
|  |           body: JSON.stringify({ | ||||||
|  |             ...player, | ||||||
|  |             team_id: teamID, | ||||||
|  |             token: token, | ||||||
|  |             password: password, | ||||||
|  |           }), | ||||||
|  |         }); | ||||||
|  |         let resp: Response; | ||||||
|  |         try { | ||||||
|  |           resp = await fetch(req); | ||||||
|  |         } catch (e) { | ||||||
|  |           throw new Error(`request failed: ${e}`); | ||||||
|  |         } | ||||||
|  |         setLoading(false); | ||||||
|  |  | ||||||
|  |         if (resp.ok) { | ||||||
|  |           console.log(resp); | ||||||
|  |           navigate("/", { | ||||||
|  |             replace: true, | ||||||
|  |             state: { username: player.username, password: password }, | ||||||
|  |           }); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         if (!resp.ok) { | ||||||
|  |           const { detail } = await resp.json(); | ||||||
|  |           if (detail) setError(detail); | ||||||
|  |           else setError("unauthorized"); | ||||||
|  |           throw new Error("Unauthorized"); | ||||||
|  |         } | ||||||
|       } |       } | ||||||
|     } else setError("passwords are not the same"); |     } else setError("passwords are not the same"); | ||||||
|   } |   } | ||||||
|  |  | ||||||
|   return ( |   useEffect(() => { | ||||||
|  |     if (user) { | ||||||
|  |       setUsername(user.username); | ||||||
|  |       setName(user.display_name); | ||||||
|  |       setMode(Mode.change); | ||||||
|  |     } else { | ||||||
|  |       const params = new URLSearchParams(window.location.search); | ||||||
|  |       const token = params.get("token"); | ||||||
|  |       if (token) { | ||||||
|  |         setToken(token); | ||||||
|  |         try { | ||||||
|  |           const payload = jwtDecode<PassToken>(token); | ||||||
|  |           console.log(payload); | ||||||
|  |           switch (payload.sub) { | ||||||
|  |             case "register": | ||||||
|  |               setMode(Mode.register); | ||||||
|  |               if (payload.team_id) setTeamID(payload.team_id); | ||||||
|  |               break; | ||||||
|  |             case "set password": | ||||||
|  |               setMode(Mode.set); | ||||||
|  |               if (payload.username) setUsername(payload.username); | ||||||
|  |               break; | ||||||
|  |           } | ||||||
|  |           if (payload.name) setName(payload.name); | ||||||
|  |         } catch (InvalidTokenError) { | ||||||
|  |           setName("Mr. I-have-no-valid Token"); | ||||||
|  |         } | ||||||
|  |       } | ||||||
|  |     } | ||||||
|  |   }, []); | ||||||
|  |  | ||||||
|  |   let header: ReactNode; | ||||||
|  |   switch (mode) { | ||||||
|  |     case Mode.change: | ||||||
|  |       header = <h2>change your password, {name}</h2>; | ||||||
|  |       break; | ||||||
|  |     case Mode.set: | ||||||
|  |       header = ( | ||||||
|  |         <> | ||||||
|  |           <Header /> | ||||||
|  |           <h2>set your password, {name}</h2> | ||||||
|  |         </> | ||||||
|  |       ); | ||||||
|  |       break; | ||||||
|  |     case Mode.register: | ||||||
|  |       header = ( | ||||||
|  |         <> | ||||||
|  |           <Header /> | ||||||
|  |           <h2> | ||||||
|  |             register as a member of <i>{name}</i> | ||||||
|  |           </h2> | ||||||
|  |         </> | ||||||
|  |       ); | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   let textInputs: ReactNode; | ||||||
|  |   switch (mode) { | ||||||
|  |     case Mode.change: | ||||||
|  |       textInputs = ( | ||||||
|  |         <div> | ||||||
|  |           <input | ||||||
|  |             type={visible ? "text" : "password"} | ||||||
|  |             id="password" | ||||||
|  |             name="password" | ||||||
|  |             placeholder="current password" | ||||||
|  |             minLength={8} | ||||||
|  |             value={currentPassword} | ||||||
|  |             required | ||||||
|  |             onChange={(evt) => { | ||||||
|  |               setError(""); | ||||||
|  |               setCurrentPassword(evt.target.value); | ||||||
|  |             }} | ||||||
|  |           /> | ||||||
|  |           <hr style={{ margin: "8px" }} /> | ||||||
|  |         </div> | ||||||
|  |       ); | ||||||
|  |       break; | ||||||
|  |     case Mode.register: | ||||||
|  |       textInputs = ( | ||||||
|  |         <div className="new-player-inputs"> | ||||||
|  |           <div> | ||||||
|  |             <label>name</label> | ||||||
|  |             <input | ||||||
|  |               type="text" | ||||||
|  |               required | ||||||
|  |               value={player.display_name} | ||||||
|  |               onChange={(e) => { | ||||||
|  |                 setPlayer({ | ||||||
|  |                   ...player, | ||||||
|  |                   display_name: e.target.value, | ||||||
|  |                   username: e.target.value.toLowerCase().replace(/\W/g, ""), | ||||||
|  |                 }); | ||||||
|  |               }} | ||||||
|  |             /> | ||||||
|  |           </div> | ||||||
|  |           <div> | ||||||
|  |             <label>username</label> | ||||||
|  |             <input | ||||||
|  |               type="text" | ||||||
|  |               required | ||||||
|  |               value={player.username} | ||||||
|  |               onChange={(e) => { | ||||||
|  |                 setPlayer({ ...player, username: e.target.value }); | ||||||
|  |               }} | ||||||
|  |             /> | ||||||
|  |           </div> | ||||||
|  |           <div> | ||||||
|  |             <label>number (optional)</label> | ||||||
|  |             <input | ||||||
|  |               type="text" | ||||||
|  |               value={player.number || ""} | ||||||
|  |               onChange={(e) => { | ||||||
|  |                 setPlayer({ ...player, number: e.target.value }); | ||||||
|  |               }} | ||||||
|  |             /> | ||||||
|  |           </div> | ||||||
|  |           <div> | ||||||
|  |             <label>email (optional)</label> | ||||||
|  |             <input | ||||||
|  |               type="email" | ||||||
|  |               value={player.email || ""} | ||||||
|  |               onChange={(e) => { | ||||||
|  |                 setPlayer({ ...player, email: e.target.value }); | ||||||
|  |               }} | ||||||
|  |             /> | ||||||
|  |           </div> | ||||||
|  |           <hr style={{ margin: "8px" }} /> | ||||||
|  |         </div> | ||||||
|  |       ); | ||||||
|  |       break; | ||||||
|  |   } | ||||||
|  |  | ||||||
|  |   let passwordInputs = ( | ||||||
|     <> |     <> | ||||||
|       {user ? ( |       <div> | ||||||
|         <h2> change your password </h2> |         <input | ||||||
|       ) : ( |           type={visible ? "text" : "password"} | ||||||
|         <h2> |           id="password" | ||||||
|           set your password, |           name="password" | ||||||
|           <br /> |           placeholder="password" | ||||||
|           {name} |           minLength={8} | ||||||
|         </h2> |           value={password} | ||||||
|       )} |           required | ||||||
|       {!user && username && ( |           onChange={(evt) => { | ||||||
|         <span> |             setError(""); | ||||||
|           your username is: <i>{username}</i> |             setPassword(evt.target.value); | ||||||
|         </span> |           }} | ||||||
|       )} |         /> | ||||||
|  |       </div> | ||||||
|  |       <div> | ||||||
|  |         <input | ||||||
|  |           type={visible ? "text" : "password"} | ||||||
|  |           id="password-repeat" | ||||||
|  |           name="password-repeat" | ||||||
|  |           placeholder="repeat password" | ||||||
|  |           minLength={8} | ||||||
|  |           value={passwordr} | ||||||
|  |           required | ||||||
|  |           onChange={(evt) => { | ||||||
|  |             setError(""); | ||||||
|  |             setPasswordr(evt.target.value); | ||||||
|  |           }} | ||||||
|  |         /> | ||||||
|  |       </div> | ||||||
|  |     </> | ||||||
|  |   ); | ||||||
|  |  | ||||||
|  |   return mode ? ( | ||||||
|  |     <> | ||||||
|  |       {header} | ||||||
|  |       <hr style={{ width: "100%" }} /> | ||||||
|       <form onSubmit={handleSubmit}> |       <form onSubmit={handleSubmit}> | ||||||
|         <div |         <div | ||||||
|           style={{ |           style={{ | ||||||
|             display: "flex", |             display: "flex", | ||||||
|             alignItems: "center", |             alignItems: "center", | ||||||
|  |             justifyContent: "center", | ||||||
|  |             flexDirection: "column", | ||||||
|           }} |           }} | ||||||
|         > |         > | ||||||
|           <div |           {textInputs} | ||||||
|             style={{ |           {passwordInputs} | ||||||
|               marginLeft: "48px", |  | ||||||
|               marginRight: "8px", |  | ||||||
|               display: "flex", |  | ||||||
|               justifyContent: "center", |  | ||||||
|               flexDirection: "column", |  | ||||||
|             }} |  | ||||||
|           > |  | ||||||
|             {user && ( |  | ||||||
|               <div> |  | ||||||
|                 <input |  | ||||||
|                   type={visible ? "text" : "password"} |  | ||||||
|                   id="password" |  | ||||||
|                   name="password" |  | ||||||
|                   placeholder="current password" |  | ||||||
|                   minLength={8} |  | ||||||
|                   value={currentPassword} |  | ||||||
|                   required |  | ||||||
|                   onChange={(evt) => { |  | ||||||
|                     setError(""); |  | ||||||
|                     setCurrentPassword(evt.target.value); |  | ||||||
|                   }} |  | ||||||
|                 /> |  | ||||||
|                 <hr |  | ||||||
|                   style={{ |  | ||||||
|                     margin: "8px", |  | ||||||
|                     borderStyle: "inset", |  | ||||||
|                     display: "block", |  | ||||||
|                   }} |  | ||||||
|                 /> |  | ||||||
|               </div> |  | ||||||
|             )} |  | ||||||
|             <div> |  | ||||||
|               <input |  | ||||||
|                 type={visible ? "text" : "password"} |  | ||||||
|                 id="password" |  | ||||||
|                 name="password" |  | ||||||
|                 placeholder="password" |  | ||||||
|                 minLength={8} |  | ||||||
|                 value={password} |  | ||||||
|                 required |  | ||||||
|                 onChange={(evt) => { |  | ||||||
|                   setError(""); |  | ||||||
|                   setPassword(evt.target.value); |  | ||||||
|                 }} |  | ||||||
|               /> |  | ||||||
|             </div> |  | ||||||
|             <div> |  | ||||||
|               <input |  | ||||||
|                 type={visible ? "text" : "password"} |  | ||||||
|                 id="password-repeat" |  | ||||||
|                 name="password-repeat" |  | ||||||
|                 placeholder="repeat password" |  | ||||||
|                 minLength={8} |  | ||||||
|                 value={passwordr} |  | ||||||
|                 required |  | ||||||
|                 onChange={(evt) => { |  | ||||||
|                   setError(""); |  | ||||||
|                   setPasswordr(evt.target.value); |  | ||||||
|                 }} |  | ||||||
|               /> |  | ||||||
|             </div> |  | ||||||
|           </div> |  | ||||||
|           <div |           <div | ||||||
|             style={{ |             style={{ | ||||||
|               background: "unset", |               background: "unset", | ||||||
|               fontSize: "xx-large", |               fontSize: "medium", | ||||||
|               cursor: "pointer", |               cursor: "pointer", | ||||||
|  |               display: "flex", | ||||||
|  |               alignItems: "center", | ||||||
|  |               gap: "8px", | ||||||
|             }} |             }} | ||||||
|             onClick={() => setVisible(!visible)} |             onClick={() => setVisible(!visible)} | ||||||
|           > |           > | ||||||
|             {visible ? <Eye /> : <EyeSlash />} |             {visible ? <Eye /> : <EyeSlash />} show passwords | ||||||
|           </div> |           </div> | ||||||
|         </div> |         </div> | ||||||
|         <div>{error && <span style={{ color: "red" }}>{error}</span>}</div> |         <div>{error && <span style={{ color: "red" }}>{error}</span>}</div> | ||||||
| @@ -201,5 +334,7 @@ export const SetPassword = () => { | |||||||
|         {loading && <span className="loader" />} |         {loading && <span className="loader" />} | ||||||
|       </form> |       </form> | ||||||
|     </> |     </> | ||||||
|  |   ) : ( | ||||||
|  |     <span className="loader" /> | ||||||
|   ); |   ); | ||||||
| }; | }; | ||||||
|   | |||||||
| @@ -2,9 +2,15 @@ import { FormEvent, useEffect, useState } from "react"; | |||||||
| import { apiAuth, loadPlayers, User } from "./api"; | import { apiAuth, loadPlayers, User } from "./api"; | ||||||
| import { useSession } from "./Session"; | import { useSession } from "./Session"; | ||||||
| import { ErrorState } from "./types"; | import { ErrorState } from "./types"; | ||||||
|  | import { useNavigate } from "react-router"; | ||||||
|  |  | ||||||
| export const TeamPanel = () => { | const TeamPanel = () => { | ||||||
|   const { teams } = useSession(); |   const { user, teams } = useSession(); | ||||||
|  |   const navigate = useNavigate(); | ||||||
|  |   useEffect(() => { | ||||||
|  |     user?.scopes.includes(`team:${teams?.activeTeam}`) || | ||||||
|  |       navigate("/", { replace: true }); | ||||||
|  |   }, [user]); | ||||||
|   const newPlayerTemplate = { |   const newPlayerTemplate = { | ||||||
|     id: 0, |     id: 0, | ||||||
|     username: "", |     username: "", | ||||||
| @@ -199,3 +205,4 @@ export const TeamPanel = () => { | |||||||
|     ); |     ); | ||||||
|   } else <span className="loader" />; |   } else <span className="loader" />; | ||||||
| }; | }; | ||||||
|  | export default TeamPanel; | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user